The GSO UNIXOPTS record must specify CHOWNRES.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-6994 | ZUSSA053 | SV-7297r3_rule | DCCS-1 DCCS-2 ECCD-1 ECCD-2 | Medium |
| Description |
|---|
| Parameter settings in the ACP impact the security level of z/OS UNIX. |
| STIG | Date |
|---|---|
| z/OS ACF2 STIG | 2019-12-12 |
Details
| Check Text ( C-3872r2_chk ) |
|---|
| For CA-ACF2 Release 15 and above this is not applicable. Refer to the following report produced by the ACF2 Data Collection. - ACF2CMDS.RPT(ACFGSO) Automated Analysis Refer to the following report produced by the ACF2 Data Collection: - PDI(ZUSSA053) If the UNIXOPTS record does not specify CHOWNRES this is a finding. |
| Fix Text (F-6723r3_fix) |
|---|
| The IAO must set the GSO UINIXOPTS record to specify CHOWNRES. Example: SET C(GSO) LIST UNIXOPTS CHOWNRES DFTGROUP(OMVSDGRP) DFTUSER(OMVSUSER) NODIRACC NODIRSRCH NOFSOBJ NOFSSEC NOGOSETGID NOHFSACL NOHFSSEC NOIPCOBJ NGROUPS(300) NOPROCACT NOPROCESS |